
Summary
This inbound email rule detects self-sent messages (a single recipient equal to the sender) whose body contains bolded hyperlink text ending in .pdf. It targets social-engineering PDF lures that use subject and domain correlation to appear legitimate. The rule parses the HTML body to find anchors with bold text, then checks the displayed text for a trailing .pdf. It derives a single word from the subject (via a regex capture) and requires that word to appear in the link text, or that the link text contains the sender's second-level domain. The detection excludes actual URL links (no href URL) and ensures there are no existing hrefs pointing to PDFs, aiming to catch deceptive text-based PDF lures rather than legitimate PDF links. The combination of header, HTML, sender and content checks is designed to identify credential phishing and BEC tactics that rely on self-sent messages with convincing PDF-like links and subject/domain alignment to bypass defenses and appear trustworthy to the recipient.
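The checks described above, sketched in Python as an added example; this is not the rule's own source. Assumptions: the message is a dict with `sender`, `recipients`, `subject` and `html` fields, the subject capture is the first alphabetic word of four or more letters, "no href URL" is read as the bold anchor carrying no http(s) href, and the second-level domain is taken naively without a public-suffix list.

```python
import re
from html.parser import HTMLParser

class BoldAnchors(HTMLParser):
    """Collect href, display text and bold flag for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors, self.cur, self.bold = [], None, 0
    def handle_starttag(self, tag, attrs):
        if tag in ("b", "strong"):
            self.bold += 1
        elif tag == "a":
            href = dict(attrs).get("href") or ""
            self.cur = {"href": href, "text": "", "bold": self.bold > 0}
    def handle_endtag(self, tag):
        if tag in ("b", "strong"):
            self.bold = max(0, self.bold - 1)
        elif tag == "a" and self.cur is not None:
            self.anchors.append(self.cur)
            self.cur = None
    def handle_data(self, data):
        if self.cur is not None:
            self.cur["text"] += data
            if self.bold and data.strip():
                self.cur["bold"] = True

SUBJECT_WORD = re.compile(r"([A-Za-z]{4,})")  # assumed capture, not the rule's regex
HREF_URL = re.compile(r"^https?://", re.I)

def rule_matches(msg):
    sender = msg["sender"].lower()
    if [r.lower() for r in msg["recipients"]] != [sender]:
        return False                      # not self-sent to a single recipient
    parser = BoldAnchors()
    parser.feed(msg["html"])
    if any(a["href"].lower().split("?")[0].endswith(".pdf") for a in parser.anchors):
        return False                      # a real href to a PDF exists
    m = SUBJECT_WORD.search(msg["subject"])
    word = m.group(1).lower() if m else None
    labels = sender.rsplit("@", 1)[-1].split(".")
    sld = labels[-2] if len(labels) > 1 else labels[0]   # naive, no public-suffix list
    for a in parser.anchors:
        text = a["text"].strip().lower()
        if a["bold"] and text.endswith(".pdf") and not HREF_URL.match(a["href"]):
            if (word and word in text) or sld in text:
                return True
    return False

# Constructed sample message (not real traffic).
LURE = {"sender": "alice@contoso.example", "recipients": ["alice@contoso.example"],
        "subject": "Invoice 4471 for review",
        "html": "<p>See <a><b>Invoice_4471.pdf</b></a></p>"}
```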
Categories
- Web
- Application
Data Sources
Created: 2026-06-05